Due to a configuration error, the PostgreSQL server that is bundled into omnibus-gitlab trusts all connections originating from the server omnibus-gitlab is running on. This has been rectified in omnibus-gitlab 6.9.2.omnibus.2 (GitLab Community Edition) and 6.9.4-ee.omnibus.1 (GitLab Enterprise Edition). We advise all users of omnibus-gitlab to update to the latest release.

Affected versions: all versions of omnibus-gitlab up to and including omnibus-gitlab 6.9.2.omnibus.1 (GitLab Community Edition) and 6.9.4-ee.omnibus (GitLab Enterprise Edition).

Not affected: Source and cookbook installations of GitLab (e.g. not using .deb or .rpm packages). Omnibus-gitlab installations which use an external DBMS are also not affected.

If the command echoes connected to an insecure Postgres instance your omnibus-gitlab installation is affected by this issue. If you receive an error message psql: FATAL: Peer authentication failed for user "gitlab-psql", your bundled Postgres service is secured.